Protecting Your Data, Securing Your Future

Now 15% off featured cybersecurity services and products, limited time only!

Call (800) 596 – 2006 | Customer Login

Looking for a Specific Product?

[fibosearch]

Discussion – 

0

Discussion – 

0

Glossary of Terms

Something (or someone) is always trying to get into your network. There are APTs, hackers, phishing, data breaches, penetration tests, and vulnerability exploit. But if you’re not in the industry that may have all sounded like a foreign language. Carson Inc. wants to help you understand the technical jargon we use every day, so we’ve created a glossary of the most popular terms we use or hear on a daily basis.

Commonly Used Terms in Cyber Security

What is a Vulnerability?

The dictionary definition of vulnerability is when a person, place, or thing is susceptible to physical or emotional attack or harm. In a security sense, it is a flaw or weakness in a system that can leave information open to an attack.

 Vulnerability Scan

Cutting down vulnerabilities are what security-consulting professionals seek to reduce. By diminishing the vulnerabilities, there are fewer opportunities for a malicious user to gain access to secure information. A vulnerability scan is a tool that seeks out security flaws that you may have in your system. You should have at your disposal to assist in risk management.

Penetration Test

In addition to vulnerability scans, penetration testing is when there is a controlled, authorized attack on a computer system with the intention to find security weaknesses and then proactively remediated them in order to decrease the consequences from similar breaches.

Data Breach

A data breach is an incident in which sensitive, protected, or confidential information has been potentially viewed, stolen, or used by an individual unauthorized to do so.

Malware

Short for malicious software, malware is any software that has an intended use to cause harm or exploit or steal a person’s computer, computer system, or private records without consent.

Phishing

Phishing is the process of defrauding an online account holder of financial information by posing as a legitimate company. The information they are attempting to acquire is usually usernames, passwords, and credit card details. It is usually carried out by email and often directs a user to a fake website that looks almost identical to the legitimate one. It is one of the most popular threats to cyber security today.

PCI

The Payment Card Industry (PCI) is an open global forum that is responsible for the development, management, education, and awareness of the PCI Security Standards.

PCI Assessment

The PCI Assessment is the first step for successful compliance with the PCI DSS framework. This self-guided questionnaire will help you understand scope and any deficiencies within your existing security infrastructure.

PCI Requirement

The Payment Card Industry Data Security Standards (PCI DSS) is a set of requirements designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. Usually businesses determine which Self Assessment Questionnaire their business should use to validate compliance. Then you must obtain evidence of passing the vulnerability scan and submit the scan to your acquirer.

Threat

Threat is “the possibility of trouble, danger, or ruin.”  In computer security, a threat is a possible danger that might exploit an organization’s vulnerability. Threat sources can exploit the vulnerabilities of your organization.  

Risk

Risk is when something is exposed to danger, harm or loss. In a computer security sense, risk must be pro-actively managed to identify and respond to new vulnerabilities and minimize cost associated with a breach of security. Your organization should be able to identify, assess, respond, and monitor the risk to your organization’s information infrastructure. The goal if identifying risks is to reduce the potential impact from a threat to exposed vulnerabilities.

Exploit

An effective risk management process aims to reduce the potential impact from a threat exploiting an organization’s vulnerabilities.

Likelihood

When discussing likelihood in a cybersecurity sense, it focuses on the possibility of a threat-vulnerability. Likelihood is usually used in correlation with impact to show the degree of potential severity of an incident

Confidentiality, Integrity, Availability (C.I.A.)

CIA is a widely used benchmark for evaluation of information systems security, focusing on the three core goals of confidentiality, integrity, and availability of information.

            Confidentiality refers to preventing access to unauthorized users.

Integrity refers to the trustworthiness of information resources

            Availability refers to the availability of information

Intrusion Prevention vs. Intrusions Detection

Intrusion Prevention is a preemptive approach to network security used to identify potential threats and respond to them swiftly. Intrusion Detection is a system that gathers and analyzes information from various areas to recognize patterns of typical attacks and determine vulnerabilities. Intrusion detection usually uses vulnerability scan, which assess the security of a system or network.

Advanced Persistent Threat (APT)

An Advanced Persistent Threat (APT) is a set of continuous computer hacking processes that are targeted at a specific entity. It is usually a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of these attacks is to steal data rather than cause damage – usually target high-value information.

Privacy Information

The protection of personal information stored on computers or in data systems.

System Development Life Cycle (SDLC)

The scope of activities associated with a system, encompassing the system’s initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal that instigates another system initiation.

Need Help with Cyber Security? 

The Carson & SAINT team enforces a life cycle approach to structuring information security programs that ensure that your organization’s most critical data is protected, safeguarding its confidentiality, integrity, and availability. The technical solution we offer has been vetted over many successful engagements and couples the best of breed methodologies, technologies, and security experts together to bring a holistic view to an organization’s security program. For more information email marketing@carsoninc.com or call (301) 656-4565.

Carson & SAINT Admin

0 Comments

You May Also Like

PCI Compliance: What is PCI Compliance?

This is the first of a six-part blog series about Payment Card Industry (PCI) compliance. Over the next few weeks, we’ll be discussing PCI, its scope, compliance reporting requirements, readiness assessments, remediation, penetration testing, and vulnerability scans. By the end of this series, we hope our readers will have a better understanding of PCI, its importance, and how to become compliant with PCI security standards.

Loading...
X
My cart
Your cart is empty.

Looks like you haven't made a choice yet.